WA organisations lose $500,000 to ‘man in the middle scams’

Fraudsters posing as CEOs or third-party suppliers have cost Western Australian businesses and not-for-profits at least $500,000 in the last two years, prompting a warning about ‘man in the middle scams’.

Acting Commissioner for Consumer Protection David Hillyard said the fraud works in two equally sophisticated ways.

“The false boss or CEO scam usually hacks a chief executive officer or senior leader’s email account to send a subordinate a request to transfer money to a bank account. The imposter will give a plausible reason and believable account holder name but the account number directs the funds to the offenders or their associates.

“The payment diversion scam involves ‘phishing’ phone calls and emails to find out about who works in the finance area of an organisation and existing arrangements with goods or service providers. The fraudsters pretend to be a third party supplier, often via a fake email invoice, and provide new bank account details for payment of money owed.”

Consumer Protection’s WA ScamNet has recorded at least 10 reports of ‘false boss scams’ since 2015 with a total loss of $47,820.00. Between 2015 and 2016 there have been at least 15 reports of ‘payment diversion scams’ with losses totalling $461,215.00.

In Queensland, Brisbane City Council revealed to the media yesterday that it had lost $450,000 to this type of scam. There have also been numerous attacks elsewhere in Australia and overseas.

Mr Hillyard warned anyone making payments to third parties to be aware of the increased frequency of attempts to intercept money. This was echoed by the WA Police Major Fraud Squad.

“Receivers of emails need to be aware that the offenders will use links or attachments containing ‘spyware’ to gather knowledge of personnel, current work or projects and associated suppliers,” Detective Senior Sergeant Steve Potter said.

“To avoid becoming a victim business or organisation, finance areas are advised to ensure processes around money transfers and changing supplier bank account details are robust. Include a step to validate the transaction via previously established contact details; known good phone numbers, email addresses and ideally, speaking with a known individual.”

Warning letters are being sent by the Department of Commerce Director General (DG) to DGs or CEOs at other State and Local Government agencies. The message is also being communicated to businesses, not-for-profits and the wider community as part of a joint communication plan in conjunction with WA Police Major Fraud Squad.

Further details, including local case studies and prevention tips are at: www.scamnet.wa.gov.au/middleman

Organisations targeted by ‘man in the middle scams’ can report the details to WA ScamNet at Consumer Protection by calling 1300 30 40 54. In certain circumstances there may be a referral to police.

Victims wishing to report monetary loss or intelligence directly to WA Police Major Fraud Squad should use the checklist and contact details at www.police.wa.gov.au/Crime/Fraud/Reporting%20fraud.

Media contact (Consumer Protection) 

Consumer Protection
Media release
17 Aug 2016
